Breaking News is the place in the Spiceworks Community to share and discuss current events related to IT. Learn more about how to submit and get your stories featured on the home page in our Breaking News guidelines.

Since Intel told the world to stop patching CPU microcode to fix Spectre/Meltdown vulnerabilities because of system stability issues with the fixes, Intel has remained relatively quiet. On Feb. 7, the chip-maker broke its silence with an announcement from Navin Shenoy, executive VP of the Data Center group at Intel.

He reassured everyone that Intel has been working on the issue on multiple platforms. Additionally, he announced that production code for Skylake processors has been released to OEMs. Intel also updated their advice for organizations waiting on the latest fixes.

Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero. As I shared January 22, we identified the root cause of the reboot issue affecting the initial Broadwell and Haswell microcode updates. Since then, we’ve been focused on developing and validating updated microcode solutions for those and other impacted platforms.
Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.
Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change. According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with – among other things – regular system updates.

As stated in the previous update January 27, we have identified the root cause of the reboot issue impacting Broadwell and Haswell, and have now done so for other platforms. Earlier this week, we released production microcode updates addressing this issue for several Skylake-based platforms to our OEM customers and industry partners. We also continue to release beta microcode updates for other affected products so that customers and partners have the opportunity to conduct extensive testing before we move them into production as well.
In the interim, and pending release of updated microcode, our guidance for customers and partners remains largely unchanged:
We continue to recommend that OEMs, Cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions of microcode, as they may introduce higher than expected reboots and other unpredictable system behavior.
We also continue to ask that our industry partners focus efforts on evaluating the early versions of updated microcode solutions that we have started rolling out in Beta form.
For those concerned about system stability while we finalize these updated solutions, earlier this week we advised that we were working with our OEM partners to provide BIOS updates using previous versions of microcode not exhibiting these issues, but that also removed the mitigations for ‘Spectre’ variant 2 (CVE 2017-5715).
Microsoft also provided two resources for users to disable current microcode on platforms exhibiting unpredictable behavior:
For most users – An automatic update available via the Microsoft® Update Catalog which disables ‘Spectre’ variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 – client and server.
For advanced users – refer to the following Knowledge Base (KB) articles:
KB4073119: IT Pro Guidance
KB4072698: Server Guidance
Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for ‘Spectre’ variant 1 and ‘Meltdown’ variant 3 until new microcode can be loaded on the system.
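Because the two Microsoft options above leave a system running with only the variant 1 and variant 3 mitigations, an administrator wants to know, per host, which microcode revision is actually loaded and whether the variant 2 mitigation has been switched off. The following PowerShell script is an added, read-only example; it is not Intel's or Microsoft's code. It assumes the registry locations the KB articles describe (FeatureSettingsOverride and FeatureSettingsOverrideMask under Session Manager\Memory Management) and the "Update Revision" / "Previous Update Revision" values Windows records under CentralProcessor\0, with the revision in the high dword of the stored MSR; check those against KB4072698 / KB4073119 before relying on them. It needs PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not part of Intel's statement or the Microsoft KB articles it cites.
# Read-only audit of a Windows host's Spectre/Meltdown state: which microcode revision
# is loaded, and whether the OS-level mitigations were disabled through the override
# values described in KB4072698 / KB4073119 (names as recalled from those articles).

$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Cpu0Key    = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'

function ConvertFrom-MicrocodeRevisionBytes {
    # Windows stores the IA32_BIOS_SIGN_ID MSR as an 8-byte little-endian REG_BINARY;
    # the microcode revision sits in the high dword (bytes 4..7). That layout is an
    # assumption from the MSR definition; a 4-byte value is taken as the revision itself.
    param([byte[]]$Bytes)
    if (-not $Bytes) { return $null }
    $offset = if ($Bytes.Length -ge 8) { 4 } else { 0 }
    return ('0x{0:X8}' -f [BitConverter]::ToUInt32($Bytes, $offset))
}

function Get-MicrocodeRevisionInfo {
    $cpu = Get-ItemProperty -Path $Cpu0Key -ErrorAction Stop
    [PSCustomObject]@{
        Processor        = $cpu.ProcessorNameString
        # Revision in effect now, and the one seen before Windows' own microcode
        # loader ran; they differ when the OS applied a newer revision than the BIOS.
        CurrentRevision  = ConvertFrom-MicrocodeRevisionBytes $cpu.'Update Revision'
        PreviousRevision = ConvertFrom-MicrocodeRevisionBytes $cpu.'Previous Update Revision'
    }
}

function Get-SpeculationOverrideState {
    # FeatureSettingsOverride bit 0 disables the Spectre variant 2 (CVE-2017-5715)
    # mitigation and bit 1 disables the Meltdown (CVE-2017-5754) mitigation; only bits
    # also set in FeatureSettingsOverrideMask take effect. Missing values mean the
    # Windows default: mitigations on wherever hardware and microcode support them.
    $p = Get-ItemProperty -Path $MemMgmtKey -ErrorAction SilentlyContinue
    $override  = [int]($p.FeatureSettingsOverride)      # [int]$null is 0
    $mask      = [int]($p.FeatureSettingsOverrideMask)
    $effective = $override -band $mask
    [PSCustomObject]@{
        OverridePresent        = ($null -ne $p.FeatureSettingsOverride)
        SpectreV2MitigationOff = [bool]($effective -band 1)
        MeltdownMitigationOff  = [bool]($effective -band 2)
        RawOverride            = $override
        RawMask                = $mask
    }
}

function Get-SpectreStatusReport {
    $mc = Get-MicrocodeRevisionInfo
    $ov = Get-SpeculationOverrideState
    $verdict = if ($ov.SpectreV2MitigationOff) {
        'Variant 2 mitigation disabled by registry override; only variant 1 and variant 3 mitigations remain'
    } elseif ($ov.MeltdownMitigationOff) {
        'Meltdown mitigation disabled by registry override'
    } else {
        'No registry override; mitigations active where microcode supports them'
    }
    [PSCustomObject]@{
        Host                   = $env:COMPUTERNAME
        Processor              = $mc.Processor
        MicrocodeRevision      = $mc.CurrentRevision
        PreviousRevision       = $mc.PreviousRevision
        OverridePresent        = $ov.OverridePresent
        SpectreV2MitigationOff = $ov.SpectreV2MitigationOff
        MeltdownMitigationOff  = $ov.MeltdownMitigationOff
        Verdict                = $verdict
    }
}

Get-SpectreStatusReport | Format-List
```

The script changes nothing; it only reads the registry, so it is safe to run across a fleet to find hosts that were left on the "disable variant 2" setting after their OEM shipped fixed microcode. The registry override says what the OS was told to do, not whether the CPU can honour it; for the hardware-support view (whether the loaded microcode exposes the branch-target-injection controls at all) pair it with Microsoft's SpeculationControl module from the PowerShell Gallery (`Install-Module SpeculationControl` then `Get-SpeculationControlSettings`).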

17 Replies

"We continue to recommend that OEMs, Cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions of microcode, as they may introduce higher than expected reboots and other unpredictable system behavior."

Hopefully, they go back far enough with systems to make the BIOS Updates for this to be taken care of properly. I don't expect my Optiplex 620's to get an update, but it would be nice if my Optiplex 980/780 and above get that update.

Intel is mismanaging this. If they were serious, they'd create a util that people can run on machines, which would identify the CPU and fetch any firmware updates needed. Releasing firmware patches to OEM vendors means millions of machines will remain unpatched for years to come.